Available on crate feature openbsd only.
§priv_sep
priv_sep is a library for privilege separation. It is currently designed around pledge(2) and unveil(2) for OpenBSD-stable—that is correct, -stable not -current—but in the future may contain functionality for Linux’s seccomp(2).
§Pledge
Calls to pledge(2) are done via Promises::pledge and pledge_none.
Note that since the use of execpromises is quite rare, NULL is always used for it.
§Unveil
Calls to unveil(2) are done via Permissions::unveil and unveil_no_more.
§Errors
Any error returned from the underlying system call is propagated via io::Error.
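The system-call pattern described above, written against the raw OpenBSD libc prototypes as an added example; it is not priv_sep's own code or API. The helper names (cstr, promise_string, sandbox) and the sample path and promises are assumptions made for illustration, and on other platforms sandbox only validates its arguments and returns an Unsupported error.

```rust
use std::ffi::CString;
use std::io;

// Raw OpenBSD libc prototypes (edition 2024 spells this `unsafe extern "C"`).
#[cfg(target_os = "openbsd")]
mod sys {
    use std::os::raw::{c_char, c_int};
    extern "C" {
        pub fn pledge(promises: *const c_char, execpromises: *const c_char) -> c_int;
        pub fn unveil(path: *const c_char, permissions: *const c_char) -> c_int;
    }
}

fn cstr(s: String) -> io::Result<CString> {
    // Interior NUL bytes cannot reach the kernel intact; report them as io::Error.
    CString::new(s).map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))
}

/// pledge(2) takes one space-separated string of promise names.
fn promise_string(promises: &[&str]) -> io::Result<CString> {
    cstr(promises.join(" "))
}

#[cfg(target_os = "openbsd")]
fn sandbox(dir: &str, perms: &str, promises: &[&str]) -> io::Result<()> {
    let (d, p, pr) = (cstr(dir.into())?, cstr(perms.into())?, promise_string(promises)?);
    // A non-zero return is converted to io::Error from errno.
    let ok = |r: i32| if r == 0 { Ok(()) } else { Err(io::Error::last_os_error()) };
    unsafe {
        ok(sys::unveil(d.as_ptr(), p.as_ptr()))?; // expose a single path
        ok(sys::unveil(std::ptr::null(), std::ptr::null()))?; // forbid further unveil calls
        ok(sys::pledge(pr.as_ptr(), std::ptr::null())) // execpromises = NULL
    }
}

#[cfg(not(target_os = "openbsd"))]
fn sandbox(dir: &str, perms: &str, promises: &[&str]) -> io::Result<()> {
    // Validate the inputs the same way, then report that the syscalls are absent here.
    let _ = (cstr(dir.into())?, cstr(perms.into())?, promise_string(promises)?);
    Err(io::ErrorKind::Unsupported.into())
}

fn main() {
    // Constructed sample values: read-only view of /var/empty, then stdio + rpath.
    match sandbox("/var/empty", "r", &["stdio", "rpath"]) {
        Ok(()) => println!("sandboxed"),
        Err(e) => println!("not sandboxed: {e}"),
    }
}
```

The unveil calls come before pledge because a pledge that omits the unveil promise would make the later unveil calls fail.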
Structs§
Enums§
- A promise to pledge(2).
- Error returned by Permissions::unveil.